From: Jonatan Kronqvist
Date: Wed, 28 Sep 2011 10:42:22 +0000 (+0000)
Subject: Updated release notes for 6.6.7
X-Git-Tag: 6.7.0~14^2~8
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=95b32ab60e99e16db5bb6911ce102ea77fc0d57b;p=vaadin-framework.git
Updated release notes for 6.6.7
svn changeset:21407/svn branch:6.6
---
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html
index 9f11093091..a65b8459fb 100644
--- a/WebContent/release-notes.html
+++ b/WebContent/release-notes.html
@@ -57,6 +57,14 @@ widget sets and refresh your project in Eclipse. If you are upgrading from
package). See General Upgrade Instructions for more details on upgrading.
+Security fixes in Vaadin Framework 6.6.7
+
+ - #7669 CSRF/XSS vulnerability through separator injection
+ - #7670 Directory traversal vulnerability
+ - #7671 Contributory XSS: Possibility to inject HTML/JavaScript in system error messages
+ - #7672 Contributory XSS: possibility for injection in certain components
+
+
Enhancements in Vaadin Framework 6.6
General enhancements:
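Review bot: The heading added at the top of this hunk hard-codes the release ("Security fixes in Vaadin Framework 6.6.7"), while the fixes list added further down in the same file uses the @version@ placeholder, so the two will disagree once this file is carried forward to the next 6.6.x build. Use @version@ here as well, or make sure the heading is part of the per-release update. The #7670 entry is also less specific than its counterpart in the other list, which names AbstractApplicationServlet.serveStaticResourcesInVAADIN(); since this section is what an administrator reads to decide whether to upgrade, give it the same detail.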
@@ -100,6 +108,25 @@ package). See General Upgrade Instructions for more det
Server communication methods in ApplicationConnection can now be overridden (#6885)
+Fixes in Vaadin @version@
+
+ #7669 CSRF/XSS vulnerability through separator injection
+ #7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN()
+ #7671 Contributory XSS: Possibility to inject HTML/javascript in system error messages
+ #7541 Table.setColumnCollapsed("id",true) will cleared PropertyDataSource for any fields in table item properties
+ #7672 Contributory XSS: possibility for injection in certain components
+ #3125 Portlet size is not updated when window is resized
+ #6420 Solution for menu too long.
+ #7560 ComboBox: Writing the name of a new item and clicking on drop down menu works inconsistently.
+ #7653 Update screenshots for Safari 5.1
+ #7654 Update screenshots for Safari 5.1
+
+
+ The full
+ details of the defects can be found at dev.vaadin.com.
+
+
Backward-Incompatible Changes in Vaadin Framework 6.6
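Review bot: The four security entries in this list (#7669, #7670, #7671, #7672) repeat the ones added under "Security fixes" with diverging wording ("HTML/javascript" here against "HTML/JavaScript" there, and the method name on #7670 appears only here), and they are interleaved with ordinary fixes such as #7541, so a reader of this list cannot tell which items are security relevant. Keep one wording for both lists and group or mark the security items. Also check #7653 and #7654, which carry the identical title "Update screenshots for Safari 5.1"; one of them looks like a duplicate or a mistitled ticket.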